Cisco, the American multinational technology conglomerate, has released its security updates in order to address the vulnerabilities that can let remote attackers gain access to compromised systems.
Cisco released software updates to tackle unauthenticated remote access of malicious threat actors that execute arbitrary code on an unpatched device. The Cisco Product Security Incident Response Team (PSIRT) is a global team that manages, investigate information regarding security vulnerabilities in Cisco product and networks. The security team says that a Cisco product that is unable to update its security patch can allow the system to be compromised and destroy the confidentiality of the product.
The PSIRT has listed several vulnerabilities in different Cisco products and released security updates in accordance with that. Some of the vulnerabilities found in the July 2022 security updates are as follows:
Cisco Nexus Dashboard Unauthorized Access Vulnerabilities-
The security team found multiple vulnerabilities in Cisco Nexus Dashboard allowing unauthorized remote attackers to perform cross-site forgery attacks. CVE-2022-20857 vulnerability allows the threat actor to access a specific API running in the data network to execute arbitrary commands.
CVE-2022-20862 vulnerability is found in the web UI that runs in the management network of Cisco Nexus and allows remote attackers to conduct cross-site forgery attacks.
CVE-2022-20858 vulnerability allows the remote threat actor to open a TCP connection and exploit the device to download container images or upload malicious container images. The malicious images would run once the system has rebooted.
Cisco’s latest software updates address these vulnerabilities.
Cisco IoT Control Center Cross-Site Scripting Vulnerability-
The vulnerability is present in the web-based management interface of Cisco IoT Control Center that allows an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against the user interface. By changing the interface the threat actor can commit a user to click a malicious link or they could allow the user to perform arbitrary script code to access sensitive information in the browser.
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities-
This possesses multiple vulnerabilities in the API and web-based management interface.
CVE-2022-20812 vulnerability is present in the cluster database of API and remote attackers accessing this vulnerability can unauthenticated a system as an administrative read-write by submitting crafted input to overwrite arbitrary files.
CVE-2022-20813 vulnerability is in the certificate validation allowing an unauthenticated remote attacker to exploit the system in order to act as a man-in-the-middle to interrupt the traffic between devices.
According to the U.S. Computer Emergency Readiness Team’s Twitter account, Cisco has released free software updates to address the vulnerabilities. Cisco’s customer-centric service has provided a long list of vulnerabilities present on the Cisco sites and can be downloaded from safe links.
Cisco has released security updates to address vulnerabilities affecting multiple products. Read more at https://t.co/njJGuRXmsS. #Cybersecurity #InfoSec
— US-CERT (@USCERT_gov) July 22, 2022
